Linoleum

Friday, September 8. 2006

The release of Ubuntu 6.06 (Dapper Drake), back in June, brought not only a new desktop system to the Linux world, but also a server system with long-term commercial support. It has one key advantage over similar offerings from Red Hat and Novell: the flexibility of the Debian dpkg packaging system.

This was of particular interest to me, as a system administrator who generally installs Debian, if given a choice. One of the annoying problems with Debian has been its potentially short support lifespan; essentially as long as it takes to get two more releases out. Admittedly this hasn't been a real problem, to date, but not having firm dates has been an issue in some environments in which I've worked.

Another was its perceived lack of commercial support, which often made it very difficult to bring into a corporate environment. While I've worked in situations where I had complete authority to use whatever OS I chose, I've also been in workplaces where it has been made clear that Debian simply would not be used, due to the lack of a commercial organisation providing security support.

Ubuntu's server release solves both of these problems, so I installed a copy to see how it held up.

Installation

Installation of the Ubuntu Server Edition uses the standard text-based Debian installer. It's a fairly straightforward process; a few locale settings at the start, networking, partitioning and finally setting up the bootloader.

The partitioning manager offers either automatic partitioning, which builds a system with a small boot partition and a large LVM partition containing everything else, or manual partitioning, which allows for complex setups involving RAID and LVM.

Organisations that need to roll out large numbers of identically configured servers can take advantage of the option to use a Debian-installer preseed file at boot time. However, it is poorly documented and lacks much of the functionality of more mature auto-installation systems such as Red Hat's Kickstart. Most notably, it is not yet possible to use preseed installation to install a system using software RAID.

Default Install

After installation, the set of running services is limited to udevd (the user space daemon responsible for creating and deleting device files under /dev), syslog, mdadm (running in monitor mode, to watch for software RAID events), cron and atd, and a bunch of gettys.

The only bound port was that of dhclient (the DHCP client) - and in most serious server installations, this would not be used anyway. So, in a situation where you install Ubuntu Server with a static IP address, there are /no/ services listening on any TCP or UDP port at all.

This gives Ubuntu, in my opinion, a considerable advantage over many other Linux server distributions in the security stakes; there's nothing worse than installing a server and then spending hours shutting down all the open ports from running services that are neither desired nor needed.
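The claim above is easy to turn into a repeatable baseline check. The following is an added example, not part of the original post: it assumes `netstat -tuln` output as input, and the function name, the allowlist format and the sample listing are constructed for illustration.

```shell
# Added example: baseline check for bound TCP/UDP sockets.
# Reads `netstat -tuln`-style text on stdin; arguments are the allowed
# proto/port pairs (e.g. udp/68 for dhclient). Prints every other bound
# socket as "proto/port address scope" and returns 1 if any were found.
unexpected_listeners() {
    awk -v allow=" $* " '
        $1 ~ /^(tcp|udp)6?$/ {
            proto = $1; sub(/6$/, "", proto)       # fold tcp6/udp6 into tcp/udp
            port = $4; sub(/.*:/, "", port)        # port follows the last colon
            host = $4; sub(/:[^:]*$/, "", host)    # the rest is the bind address
            if (index(allow, " " proto "/" port " ")) next
            scope = (host == "127.0.0.1" || host == "::1") ? "loopback" : "network"
            print proto "/" port, host, scope
            found = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample: a DHCP-configured host to which an SSH server and a
# loopback-only mail daemon were added after installation.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
EOF
}

# On a live host: netstat -tuln | unexpected_listeners udp/68
sample_netstat | unexpected_listeners udp/68
```

On a freshly installed server with a static address, the function should print nothing and return 0 even with an empty allowlist.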

The set of packages installed by default is quite minimal; enough to get the server onto the network, little more.

Kernel

Ubuntu Server comes with kernel 2.6.15. There are three kernels available in the x86 world: the default server version, which has been optimised for 686-class machines; a 386 version, which is unlikely to be used in a server environment, but is provided as it will likely work with older equipment; and a BigIron version, intended for use on BIGSMP, ES7000 and Summit systems.

In addition to this, Ubuntu Server has been released for AMD64, PowerPC and, new for this release, UltraSparc T1 architectures.

It has support for ext2/3, XFS, JFS and ReiserFS, so it's already ahead of Red Hat Enterprise in terms of filesystem support; RHEL supports only ext2/3, to the chagrin of many system administrators. Furthermore, the Red Hat Cluster Filesystem, GFS, is also available in Ubuntu, although the userspace programs for this aren't provided as part of the default installation, and must be installed manually.

Interestingly, the userspace utilities for the newer Reiser 4 filesystem are provided as part of the base install, but there isn't any kernel support for the filesystem. I don't see any clear reasoning for this.

Moving over to the network side of things, Ubuntu's kernel has IPv6 support available out-of-the-box, plus a number of non-IP network protocols, such as AppleTalk, IPX and DECnet.

For those wishing to use Ubuntu for advanced networking purposes, there is support for network load balancing with IPVS, bridging support, and firewalling capabilities with netfilter. There's no firewalling on by default, however, nor is there a system for easily turning iptables rules on and off, as there is for Red Hat Enterprise. The iptables package maintainer has provided an example of the old init script, which was previously used for this purpose, but has recommended against its use. I consider this to be a fairly serious omission.
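One way to fill that gap by hand is to generate a ruleset in `iptables-restore` format for each state. This is an added example, not from the original post or the iptables package: the function name `fw_ruleset`, the choice of a default-deny inbound policy and the allowed ports are assumptions.

```shell
# Added example: print an iptables-restore ruleset for "on" or "off".
# Usage: fw_ruleset on [tcp-port ...]   or   fw_ruleset off
fw_ruleset() {
    mode=$1
    [ $# -gt 0 ] && shift
    case $mode in
    off)
        # ACCEPT policies and no rules: loading this clears the filter table.
        printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
            ':OUTPUT ACCEPT [0:0]' 'COMMIT'
        ;;
    on)
        # Validate every port before emitting anything, so a typo never
        # yields a half-written ruleset.
        for port in "$@"; do
            case $port in
            ''|*[!0-9]*) echo "invalid port: $port" >&2; return 2 ;;
            esac
            if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
                echo "port out of range: $port" >&2; return 2
            fi
        done
        # Default-deny inbound; loopback and replies to outbound traffic pass.
        printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
            ':OUTPUT ACCEPT [0:0]' \
            '-A INPUT -i lo -j ACCEPT' \
            '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
        for port in "$@"; do
            printf '%s\n' "-A INPUT -p tcp -m state --state NEW --dport $port -j ACCEPT"
        done
        printf '%s\n' 'COMMIT'
        ;;
    *)
        echo "usage: fw_ruleset on [port ...] | off" >&2; return 2 ;;
    esac
}

# Print the "on" ruleset for a host that only offers SSH.
fw_ruleset on 22
```

As root, `fw_ruleset on 22 | iptables-restore` applies the rules and `fw_ruleset off | iptables-restore` removes them, since `iptables-restore` flushes the table before loading. To persist across reboots, save the output to a file (for example `/etc/iptables.rules`, an assumed path) and load it from a `pre-up iptables-restore < /etc/iptables.rules` line in the interface's stanza in `/etc/network/interfaces`.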